CVE-2025-58361
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: GitHub, Inc.

Description
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips `javascript:` and a few patterns. `data:` URLs (for example data:image/svg+xml,…) still pass. If a sanitized value is used in href/src, an attacker can execute a script. There is currently no fix for this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58361
EUVD
EUVD-2025-26851
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
promptcraft promptcraft-forge-studio *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a critical cross-site scripting (XSS) issue in Promptcraft Forge Studio caused by an incomplete URL scheme validation. The sanitizer function intended to block dangerous URL schemes only removes certain patterns like 'javascript:', but fails to block 'data:' URLs. Attackers can exploit this by injecting malicious SVG content with embedded scripts via 'data:' URLs. When these URLs are used in HTML attributes like href or src, the embedded script executes, allowing arbitrary JavaScript execution within the application's origin. [1]

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary JavaScript execution in the context of the vulnerable application. This can result in theft of user tokens, unauthorized actions performed on behalf of the user, and other malicious activities. The attack requires user interaction, such as clicking or rendering a crafted URL. The impact includes high confidentiality and integrity risks, but no impact on availability. [1]

Detection Guidance

This vulnerability can be detected by searching for usage of the vulnerable sanitizer function in the file src/utils/validation.ts and checking if user-controlled URLs are passed through it without proper scheme validation. You can also scan your codebase for occurrences of URLs containing 'data:' schemes used in href or src attributes. For example, you can use the following commands to find potentially vulnerable code: 1. Search for usage of the sanitizer function or validation.ts file: grep -r 'sanitizeUrl' ./src/utils/ 2. Search for occurrences of 'data:' URLs in the codebase: grep -r 'data:image/svg+xml' ./ 3. Search for href or src attributes that might use user input: grep -rE '(href|src)="[^"]*"' ./ Additionally, monitoring network traffic for suspicious URLs containing 'data:' schemes or SVG content with embedded scripts can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the current URL sanitizer with a strict allow-list approach that only permits safe URL schemes such as 'http:' and 'https:'. Specifically, implement a sanitizer function similar to the recommended one that uses the URL API to validate schemes and rejects all others including 'data:', 'javascript:', and 'vbscript:'. Avoid relying on regex for scheme validation. Additionally, avoid passing untrusted strings to functions like dangerouslySetInnerHTML, and prefer using relative URLs or explicit allow-lists. Since no patched versions are available, applying these code changes is critical to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58361. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart